9.3
CVE-2009-3604
- EPSS 9.74%
- Published 21.10.2009 17:30:00
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Data is provided by the National Vulnerability Database (NVD)
Glyphandcog ≫ Xpdfreader Version2.00
Glyphandcog ≫ Xpdfreader Version2.01
Glyphandcog ≫ Xpdfreader Version2.02
Glyphandcog ≫ Xpdfreader Version2.03
Glyphandcog ≫ Xpdfreader Version3.00
Glyphandcog ≫ Xpdfreader Version3.01
Glyphandcog ≫ Xpdfreader Version3.02
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.74% | 0.926 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|